Abstract

For ‘mixed-criticality’ systems that have both critical and
non-critical functions, the greatest leverage on dependability
may be at the design level. By designing so that each
critical requirement has a small trusted base, the cost of the
analysis required for a dependability case might be dramatically
reduced. An implication of this approach is that
conventional object-oriented design may be a liability, because
it leads to ‘entanglement’, and an approach based on
separating services may be preferable.